CI/CD

In software engineering, CI/CD or CICD is the combined practices of continuous integration and either continuous delivery or continuous deployment. CI/CD bridges the gaps between development and operation activities and teams by enforcing automation in building, testing and deployment of applications.

CI/CD

Edgescan has identified the need to shift left and identify vulnerabilities earlier in the software development lifecycle. 

For this reason, a fully supported plugin was developed for CI/CD pipelines. This integration allows DevOps teams to initiate vulnerability scanning from their chosen platform. Once initiated, a scan takes place and a pass/fail result is returned according to the configured criteria. The build fails if the results do not meet the configured criteria; otherwise it proceeds to the next step, if any.

This Docker image can be deployed to any appropriate environment.


Edgescan CI/CD integration

This image allows you to kick off an assessment and fails or succeeds according to its result.

It succeeds if the assessment completes with no vulnerabilities found (a tolerance for the risk level can be provided); otherwise it fails.

When it is not configured to wait for the scan to finish, it succeeds as soon as the assessment has been started.

The program will exit with value 0 on success and -1 otherwise.


Getting started

Pull the Docker image

docker pull edgescan/cicd-integration

Execute the Docker image and append --help for details about its usage:

docker run --tty edgescan/cicd-integration --help

Configuration can be provided in 3 ways, listed in order of priority (a value given by an earlier method overrides the same value given by a later one):

1. CLI flags
2. YAML configuration file
3. Environment variables

Parameter           Command line flag        Field name in configuration file   Environment variable name   Default value                 Required
Asset ID            --asset-id               asset_id                           ES_ASSET_ID                 None                          True
API Token           --api-token              api_token                          ES_API_TOKEN                None                          True
Base URL            --base-url               base_url                           ES_BASE_URL                 "https://live.edgescan.com"   False
Max Risk Threshold  --max-risk-threshold     max_risk_threshold                 MAX_RISK_THRESHOLD          3                             False
Wait                --wait / --no-wait       wait                               WAIT                        True                          False
Color               --color / --no-color     color                              COLOR                       True                          False
Proxy               --proxy                  proxy                              PROXY                       None                          False
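The precedence rules and the pass/fail behaviour described above, modelled as an added example (this is not Edgescan's code). It assumes that the risk threshold means "fail when any finding's risk level exceeds max_risk_threshold"; the findings list is a constructed input, not Edgescan API output.

```python
# Added example, not part of the Edgescan image: resolves the configuration
# from the three sources (CLI flags > YAML file > environment variables) and
# applies the pass/fail gate. Threshold semantics are an assumption.

# (name, CLI flag, YAML field, env var, default, required) taken from the table
PARAMS = [
    ("asset_id", "--asset-id", "asset_id", "ES_ASSET_ID", None, True),
    ("api_token", "--api-token", "api_token", "ES_API_TOKEN", None, True),
    ("base_url", "--base-url", "base_url", "ES_BASE_URL", "https://live.edgescan.com", False),
    ("max_risk_threshold", "--max-risk-threshold", "max_risk_threshold", "MAX_RISK_THRESHOLD", 3, False),
    ("wait", "--wait", "wait", "WAIT", True, False),
    ("color", "--color", "color", "COLOR", True, False),
    ("proxy", "--proxy", "proxy", "PROXY", None, False),
]


def resolve_config(cli, yaml_file, env):
    """Merge the three sources; earlier sources win. cli/yaml_file/env are dicts."""
    cfg = {}
    for name, flag, field, var, default, required in PARAMS:
        if name in cli:
            value = cli[name]
        elif field in yaml_file:
            value = yaml_file[field]
        elif var in env:
            value = env[var]
        else:
            value = default
        if required and value is None:
            raise ValueError(f"missing required parameter: {flag} / {field} / {var}")
        cfg[name] = value
    # values coming from the environment arrive as strings; normalise them
    cfg["max_risk_threshold"] = int(cfg["max_risk_threshold"])
    for key in ("wait", "color"):
        if isinstance(cfg[key], str):
            cfg[key] = cfg[key].strip().lower() in ("1", "true", "yes")
    return cfg


def gate(cfg, finding_risks):
    """Exit value as documented: 0 on success, -1 otherwise.
    finding_risks is a constructed list of risk levels (one per vulnerability).
    Without --wait the run succeeds once the assessment has started (assumed: no
    findings are evaluated in that case)."""
    if not cfg["wait"]:
        return 0
    if all(risk <= cfg["max_risk_threshold"] for risk in finding_risks):
        return 0
    return -1
```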

Execute the Docker image

Executing with the command line interface

docker run --tty edgescan/cicd-integration --asset-id 1234 --api-token th34p1t0ken

Executing with a YAML config file

docker run --tty -v /local/path/to/file.yml:/cicd-config.yml edgescan/cicd-integration

Executing with environment variables

docker run --tty -e ES_API_TOKEN="th34p1t0ken" -e ES_ASSET_ID=1234 edgescan/cicd-integration

Executing with a dotenv file

docker run --tty --env-file .env edgescan/cicd-integration

Executing with all 3 methods combined

docker run --tty -v /path/to/file.yml:/cicd-config.yml --env-file .env edgescan/cicd-integration --asset-id 1234